Ransomware Protection Playbook
eBook - ePub

Ransomware Protection Playbook

Roger A. Grimes

About the book

Avoid becoming the next ransomware victim by taking practical steps today

Colonial Pipeline. CWT Global. Brenntag. Travelex. The list of ransomware victims is long, distinguished, and sophisticated. And it's growing longer every day.

In Ransomware Protection Playbook, computer security veteran and expert penetration tester Roger A. Grimes delivers an actionable blueprint for organizations seeking a robust defense against one of the most insidious and destructive IT threats currently in the wild. You'll learn about concrete steps you can take now to protect yourself or your organization from ransomware attacks.

In addition to walking you through the necessary technical preventative measures, this critical book will show you how to:

  • Quickly detect an attack, limit the damage, and decide whether to pay the ransom
  • Implement a pre-set game plan in the event of a game-changing security breach to help limit the reputational and financial damage
  • Lay down a secure foundation of cybersecurity insurance and legal protection to mitigate the disruption to your life and business

A must-read for cyber and information security professionals, privacy leaders, risk managers, and CTOs, Ransomware Protection Playbook is an irreplaceable and timely resource for anyone concerned about the security of their, or their organization's, data.

Information

Publisher
Wiley
Year
2021
ISBN
9781119849131
Edition
1
Category
Cyber Security

Part I
Introduction

  • Chapter 1: Introduction to Ransomware
  • Chapter 2: Preventing Ransomware
  • Chapter 3: Cybersecurity Insurance
  • Chapter 4: Legal Considerations

Chapter 1
Introduction to Ransomware

This chapter is a general introduction to ransomware starting with the basics and leading to a more mature discussion of all the features and components that make it such a mature and formidable foe today. You will learn that much of the ransomware industry is run more like a professional, corporate industry than like the traditional perception of a few bad guys or gangs hiding out in their basements drinking jacked-up caffeinated sodas surrounded by empty bags of chips. Instead, you're more likely to find CEOs, payroll departments, professional developers, and business partners. You will come away with a very good understanding of today's ransomware, what it does and how it does it, and the significant challenges in defeating it.
Note to the reader: This chapter is the longest of the book.

How Bad Is the Problem?

Many press and security experts seem to compete with each other to use the latest over-the-top superlatives surrounding ransomware. But for once in the computer security world, the statistics and scary reputation are well earned. We have had other very bad, long runs of damage-causing malware such as that from DOS boot viruses, disk-formatting computer viruses like Michelangelo (1992), worms that crashed email and pager systems like the Iloveyou worm (2000), rapidly spreading and database-crashing worms like SQL Slammer (2003), the USB-key spreading Conficker (2008), spam bots, and resource-sucking crypto-miners. We've been living with damage-causing malware for a long time. But no previous threat has produced the damage and operational interruption caused by ransomware. It's simply unparalleled in human history, and that is not hyperbole. It might be the “tipping point” event that forces the Internet to finally be made significantly safer.
As bad as ransomware has been and still is, it is still getting worse. The number of attempts against possible victims is growing. The number of successful attacks is growing. The ransoms demanded per exploitation are greater. The percentage of victims paying the ransom is increasing. The overall damage, in financial and other terms, is growing exponentially. Since the beginning of ransomware, and especially since bitcoin came around and allowed it to take off, it has been one historic year after historic year for ransomware purveyors and their programs. We are likely living in the “golden age” of malware, at least from the bad guy's perspective. Here are some of the latest stats at the time of this writing:
  • The FBI says it is investigating about 100 different types of ransomware programs (https://www.reuters.com/technology/fbi-says-it-is-investigating-about-100-types-ransomware-wsj-2021-06-04/).
  • Ransomware was successful in exploiting 68 percent of surveyed organizations in one year alone (https://cyber-edge.com/wp-content/uploads/2021/04/CyberEdge-2021-CDR-Report-v1.1-1.pdf). That figure alone is shocking.
  • The same survey listed in the previous bullet point says the average ransom paid in 2020 was $166,475, and 57 percent of victims paid the ransom.
  • Coveware says the average ransom paid in Q1 2021 was $220,298 (https://www.coveware.com/blog/ransomware-attack-vectors-shift-as-new-software-vulnerability-exploits-abound). Why is Coveware's figure higher than the previous report? It's likely because Coveware's figure is newer. When I see a low-ball ransomware figure, I usually check the date of the statistic, and it's almost always old. And when I say old, I mean only by a year or two. Either way, ransomware is growing tremendously over time.
  • The highest publicly known paid ransom the author is aware of is $40 million, but there are many in the $5 million to $10 million range. There are likely many privately paid ransoms over $40 million that we are not aware of.
  • This 2019 report (https://blog.emsisoft.com/en/34822/the-state-of-ransomware-in-the-us-report-and-statistics-2019/) says the average ransomware incident cost $8.1 million and took 287 days to recover from.
  • This vendor states $18 billion was paid globally in ransom and total costs are in the hundreds of billions of dollars … a year (https://blog.emsisoft.com/en/38426/the-cost-of-ransomware-in-2021-a-country-by-country-analysis/).
In summary, the problem of ransomware is pretty bad and growing over time.

Variability of Ransomware Data

Things are moving so fast in the ransomware world that trying to get up-to-date figures and statistics tends to be like trying to nail the proverbial Jell-O™ to a wall. Different vendors and surveys in different time periods often say vastly different things. For example, many cybersecurity vendors talk about multi-month average dwell times where the ransomware gang specifically figured out the exact maximum ransom they could ask for, while others will tell you that “most” ransomware attacks happen right after the break-in or within hours of the initial successful exploitation, and all the victims are asked for the same fixed fee. Who is right? Likely everyone. There are at least 100 different ransomware programs coded by all sorts of criminals of varying skill levels and experiences successfully attacking tens to hundreds of thousands of organizations and people a year. Different ransomware groups also target different industries, sectors, and regions. The figures and stats are bound to vary widely.
Even the exact same answer can have a different number from the same vendor. For example, the Coveware Q1 2021 report figure listed above states that the average ransom paid was $220,298, but in the same report it also says the median ransom payment was $78,398. The two figures don't even seem close. This seemingly statistical anomaly means that a few victims on the upper end are paying far more than the rest of the victims, which brings up the overall average for everyone. It turns out having to pay a few $5 million and $10 million ransoms will skew results.
So, if you're trying to figure out how much a ransom payment might cost your company, which figure do you use in your estimation calculation? It varies based on your perspective. The most conservative answer: if you want to be safe and set aside funds for the worst-case scenario, use the highest reasonable estimate. But who knows, if your organization gets hit by ransomware, the criminals might ask for an unreasonable figure. Certainly, none of the organizations hit by multi-million dollar ransoms would agree with the reasonableness of the request.
How much you might have to pay really comes down to what type of ransomware program you got hit with, how bad things got before damage control started to happen, and how recovery goes. And no one knows those answers until they are in the thick of things. It's like going into a surgery with a bad pain in your lower left quadrant and asking the doctor what the cost of the operation will be before they've put you to sleep. No one knows.
With that said, no matter what figures you grab and whether they are using averages, medians, or last year's figures, the damage caused by ransomware is bad and getting worse. The total involved costs can easily be many millions for multimillion-dollar organizations and tens to hundreds of millions for multibillion-dollar organizations. Smaller amounts of ransom can even be devastating to smaller organizations.

True Costs of Ransomware

Many defenders, when trying to argue for the need to defend against ransomware, must come up with the potential damages that might occur from a ransomware event. The damages incurred by one organization vary drastically from another, according to the size of the organization, revenue stream, preparation, value of the involved data, how bad the incident is, and ability to respond to a particular ransomware attack. There are a lot of variables at play. Get hit with a very simple ransomware program that was really meant to hit a consumer at home, and the cost could be less than $1,000 to clean up a single exploited computer. Get hit by another ransomware variant, and it could mean the whole network is down for weeks to months.
Still, many defenders are asked to come up with estimated costs to help with cybersecurity risk management decisions around ransomware, such as whether to buy cybersecurity insurance, upgrade that old backup system, or what to invest in next to try to prevent a ransomware attack from being successful in their organization. Unfortunately, as covered earlier, the risk from ransomware and costs ...
